I am PURELY guessing, since I haven't been able to get the sw yet due to the torrents not kicking in yet. But I would think if you installed the Image DVD then you are using an image they installed and probably connected to, hence why there is knowledge of a connection. You should be able to delete it. I would hope that isn't there if you download the CD version and install yourself.

Again, pure speculation. Being as they mentioned the DVD was an IMAGE of a system already installed.

This could be a left-over from that I didn't catch. Sorry. Let me check on this. I did leave in the pluto remote assistance thing because pluto said it could be used by any 3rd party companies that wanted to offer tech support. Let me dig some more and be sure I didn't leave in anything that's a security risk.

This should not be a problem. I talked to the Pluto guy who wrote it. It's not a backdoor, and neither Pluto nor anyone else will have the corresponding private key.

the key is auto-generated at install time for each installation and the purpose is to allow media directors to have ssh access to the main box so that they can do things like modify their boot sequence, access teh database, etc. It's not a common key, and nobody else has the private key, except the media directors. The key is unique for each install and generated on the fly when it install time in these scripts:

And the corresponding key is put on the media directors in their boot images. This sounds correct and should make it safe. Please confirm that we're all in agreement that this is ok and not a cause for concern. I was in a bit of a panic mode since I ordered 1,000 replicated dvd's from a mastering house (linuxmce is now sending out dvd's), and obviously if they have any back doors or security holes I have to stop the order and get it fixed. So can you guys post replies confirming we're in consensus that this is not a problem?

Well I'm glad I wasn't screaming back-door then, my foot doesn't taste that great you know. And my appologies for startling you, that was not my intention.

It seems to me like a very legitimate use of that mechanism, I don't see much of a problem with that. And unless other people found the exact same key I posted, I'd consider this a total non-issue. Thanks for clearing it up.